Technical Information
- '%CommonProgramFiles%\Microsoft Shared\liuliang.exe'
- '%CommonProgramFiles%\Microsoft Shared\DHLwangma.exe'
- '%CommonProgramFiles%\Microsoft Shared\liuliang.exe' (downloaded from the Internet)
- '%CommonProgramFiles%\Microsoft Shared\DHLwangma.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c del <Full path to virus> > nul
- %CommonProgramFiles%\Microsoft Shared\liuliang.exe
- %CommonProgramFiles%\Microsoft Shared\DHLwangma.exe
- 'www.rt###o.com.cn':80
- '22#.#86.56.52':3795
- 'localhost':1036
- http://www.rt###o.com.cn/Tyrant/wangma/liuliang.exe
- http://www.rt###o.com.cn/Tyrant/wangma/DHLwangma.exe
- DNS ASK www.rt###o.com.cn